UPDATED 21:51 EDT / SEPTEMBER 24 2018

Apple’s macOS Mojave released but with a major security vulnerability

Apple Inc. today released macOS 10.14 Mojave to the general public, but in a bad sign for the company, it has a major security vulnerability.

Mojave was announced on June 4, with a beta release made available later that month. Finder and Quick Look have been upgraded, with support added to the sidebar for full metadata for images, multimedia, documents and files, while Quick Look now integrates the editing tool Markup to recognize numerous types of media.

Most of the changes were under the hood, but a new native “dark mode” allows users to change the look and feel of the entire user interface to darken the display and, as it unexpectedly turns out, allow hackers to break into the macOS install.

Detailed by security researcher Patrick Wardle, a severe security flaw introduced in the dark theme allows unauthorized access to a user’s private data. Speaking to Bleeping Computer, Wardle explained that the vulnerability, which can be exploited by an unverified app, stems from the way Apple has implemented protections for privacy-related data.

Although not going into great detail about the technical aspects, a video shows Wardle attempting to access a user’s protected address book without success. Then he runs a bypass program, dubbed fittingly “breakMojave,” wherein Wardle locates a user’s address book, circumvents the privacy access controls and copies its contents to his desktop.

Wardle added that the bypass does not work with all of Mojave’s new privacy protection features and that hardware-based components such as the built-in webcam are unaffected.

Apple has not commented on the report, although Wardle said he attempted to reach out to the company before going public. Presumably, the vulnerability also existed in the beta versions of Mojave prior to its official release.

It’s not a good look for Apple, given that it has long boasted that its software is more secure than Microsoft Windows.

Wardle said he will release more details about the vulnerability at a conference in November.
